
Control Lead Security Posture Management
Commonwealth Bank of Australia
- Sydney, NSW
- Permanent
- Full-time
The Cyber Controls Chapter Area plays a crucial function within the Group Security division, being responsible for designing and deploying effective cyber control capabilities and overseeing continuous improvement of the Group's cyber risk profile.

As a large, tech-driven organisation serving millions of customers daily, we must continuously harden our environment against an evolving threat landscape. This role leads the enterprise-wide Secure Configuration Management (SCM) control capability, ensuring secure baselines are defined, deployed, monitored and continuously improved across all major asset classes. You'll also provide rules-based security posture management oversight (CSPM/SSPM/KSPM/Network/Posture-as-Code) and drive timely, risk-informed remediation of baseline exceptions.

We support our people with the flexibility to balance where work is done with at least half your time each month connecting in office. We also have many other flexible working options available, including changing start and finish times, part-time arrangements and job share, to name a few. Talk to us about how these arrangements might work for you.

Do work that matters
- Providing subject-matter expertise to Technology Crew Leads and Product Owners in setting the strategic roadmap for Security Configuration Management, Cloud Security Posture Management, SaaS Security Posture Management and API Vulnerability Management capabilities, overseeing control operation, and supporting delivery of control remediation to achieve target risk outcomes.
- Establishing and maintaining control standards and guidelines to align with changes in industry standards, technology strategy and threat intelligence.
- Governing the Group's compliance with Security Configuration Management control requirements and supporting the business in tracking remediation of critical security weaknesses and improvement of overall risk posture.

You will also:
- Ensure Security Configuration and Posture Management operation adheres to the Group Operational Risk Management Framework.
- Define the control testing approach to support automated control performance monitoring.
- Carry out annual control effectiveness assessments and drive appropriate risk remediation to address identified control weaknesses.
- Assist the CTO/CIO for Technology and GTS Infrastructure Transformation teams, who are responsible for the operation of vulnerability remediation across the Group's critical applications and infrastructure, in achieving their goals.
- Maintain positive stakeholder engagement with product owners, security engineers and adjacent cyber security teams in relation to the development and lifecycle of secure configuration baselines and posture rulesets.

We are interested in hearing from people who have:

Security Standards & Frameworks
- Applied knowledge of ASD ISM, NIST, CIS and the Essential Eight mitigation strategies.
- Familiarity with vulnerability prioritisation frameworks such as CVSS and EPSS.
- Security certifications such as CISSP, CISM or CRISC are highly desirable.

Tools & Technologies
- Hands-on experience with policy compliance and security posture tools (e.g. Qualys, Wiz, NoName, Obsidian).
- Skilled in hardening endpoints and cloud services.
- Strong understanding of system security principles and of automation for continuous compliance and reporting.

Threat & Vulnerability Management
- Ability to analyse threat intelligence, identify risks, prioritise vulnerabilities and recommend mitigations.
- Experience implementing patch management programs and working with enterprise vulnerability management solutions.

If you're already part of the Commonwealth Bank Group (including Bankwest, x15ventures), you'll need to apply through to submit a valid application. We're keen to support you with the next step in your career.

Advertising End Date: 18/09/2025